“Critical to an organization’s success is being able to share data in the most secure fashion. The organizations that thrive are the ones that know how to do it the right way.”
– Leroy Cunningham, Information Security Manager at CMI
Chartered Management Institute CMI is an organization incorporated by Royal Charter that works with businesses to inspire people to become skilled, confident and successful managers and leaders. CMI needed to share a wide variety of personal data while maintaining General Data Protection Regulation (GDPR) compliance using Google Workspace. With Virtru, CMI can now:
- Achieve GDPR compliance within Google Workspace, using tools that are familiar to employees and participants.
- Protect personal data for thousands of active learners and businesses.
- Break down data-sharing silos across departments, while meeting each department’s unique business needs.
- Equip employees with greater autonomy to make the right choices about sharing data.
- Build a Data Loss Prevention (DLP) framework to automatically encrypt their most sensitive data and educate employees about best practices.
- Enable secure, simplified communications between employees and program participants.
Achieving GDPR Compliance in Google Workspace
CMI protects sensitive personal data for its learners, members and employees in compliance with GDPR. By leveraging Virtru’s end-to-end encryption for Google Workspace (including Gmail and Google Drive), CMI ensures that data remains secure across its entire life cycle, from creation to storing and sharing.
Trust is at the core of CMI’s values, so protecting the personal data of program participants is mission critical. “We need to store the data of our program participants and be able to transport the data backwards and forwards, and it’s absolutely key that we protect that information.”
At the same time, CMI has to protect their organization’s sensitive information, as well as that of the many partners they work with. “We’re currently using Google and have adopted Google Workspace for our collaboration needs, and whilst it has its own built-in security elements, when it came to providing encrypted email, we found Virtru to be second to none.”
In addition to meeting compliance regulations, Cunningham was drawn to Virtru because it offered a blend of simplicity and granularity. “It’s great having all the bells and whistles, but if your end users don’t know how to use it, they won’t use it, and it’s as simple as that. I like how clean and simple Virtru’s product is, it’s a simple toggle switch to turn it on or off, and it gives us more autonomy.”
Equipping Employees to Make the Right Decisions
This philosophy of continuous learning and lifelong education is reflected both externally and internally at CMI. Cunningham’s team uses Virtru’s configurable Data Loss Prevention (DLP) rules to encrypt some types of data by default—such as credit card information—but for some categories, Cunningham prefers to issue a warning, using that as a teaching moment.
“While Virtru provides us with a safety net, we also like the idea of being able to educate our users at the same time. So, instead of automatically encrypting something sensitive, we can let the users know and advise them to encrypt it. That way, there’s always a learning process in place. I think that’s key: keeping security top of mind and not creating complacency. It just reaffirms that thought process and, over time, it becomes second nature to them… These aren’t things that I can just teach them, it has to be something they can see and touch for themselves.”
“Culture change is tough,” Cunningham continued, “And people are used to doing things the way they’ve always done it. We try to create an educational shift, so if there’s anything that allows me to empower employees, and at the same time educate them, it’s win-win.”
Bringing Teams Together Around Data Loss Protection (DLP)
While most of CMI’s email encryption settings with Virtru were ready to use “out of the box,” the organization is exploring ways to configure DLP rules for certain workflows, like applying encryption to specific keywords for a subset of the organization.
Cunningham and his team are currently working on a project in partnership with teams across the organization, updating what types of data each department is responsible for, and what custom DLP rules could be applied for those departments. These discussions have opened up greater engagement across the organization around data security.
Unlocking New Efficiencies
At CMI, sharing information is critical to success. Budding leaders need feedback from their apprenticeships; exam scores need to be conveyed; credentials need to be shared. Cunningham sees secure data sharing as an opportunity to unlock greater efficiencies and momentum for the organization, equipping employees to move faster. This is why CMI has deployed Virtru licenses for every employee.
For more information on how Virtru can help you achieve your secure data sharing objectives, please contact us today.
About Chartered Management Institute (CMI)
CMI is dedicated to empowering managers and leaders across the U.K. For over 70 years, CMI has been fostering professional growth and creating more skilled, confident, and successful leaders across a wide variety of disciplines. CMI has an engaged community of over 150,000 members and over 100,000 active learners. To find out more, visit managers.org.uk.